What are the causes for a GRE tunnel establishment failure

0

The causes for a GRE tunnel establishment failure are as follows:

-Interfaces on both ends of a tunnel use different tunnel encapsulation modes.
-An IP address, a tunnel source address, and a tunnel destination address are not configured for interfaces on both ends of the tunnel. The source address of one end is not the destination address of the other end.
-There is no reachable route between the tunnel source and destination addresses.
-Keepalive detection is configured, but parameters on both ends of a tunnel are inconsistent.
-GRE key configurations on both ends of a tunnel are inconsistent.

Other related questions:
How to rapidly locate the cause of a failure to establish a tunnel between the LAC and LNS
During L2TP configuration, the LAC cannot set up a tunnel with the LNS. Perform the following operations to quickly locate the fault.
1. Run the start l2tp command on the LAC to check whether there is a reachable route to the LNS. If the route is unreachable, ensure route reachability.
2. Check the L2TP configuration on the LNS and delete the remote parameter specified in the allow l2tp command. If an L2TP tunnel can be established successfully, the LAC cannot set up a tunnel with the LNS because the tunnel name on the LAC is incorrect or the tunnel name specified by the LNS is incorrect. Use the following methods:
 - Run the tunnel name command on the LAC to set the local tunnel name to the value of remote specified by the allow l2tp command on the LNS.
 - Run the allow l2tp command on the LNS to change the value of remote to the tunnel name configured on the LAC. If no local tunnel name is configured using the tunnel name command on the LAC, the value of remote is the device name of the LAC.

What is the function of the tunnel interface (GRE interface)
The tunnel interface (GRE interface) encapsulates and decapsulates data packets using GRE. The tunnel interface that sends encapsulated packets is called the tunnel source interface, and the one that receives these packets on the peer end is called the tunnel destination interface. Generally, the local WAN interface is used as the tunnel source interface, and the peer WAN interface is used as the tunnel destination interface.

GRE tunnel configuration on the USG6000
The USG6000 GRE scenarios are as follows: 1. Static route-based GRE tunnel The NGFW adopts the dynamic routing protocol. Intranet users can transmit data that is not supported by certain public network devices over the GRE tunnel. 2. OSPF-based GRE tunnel The NGFW adopts the OSPF routing protocol. Intranet users can transmit data that is not supported by certain public network devices over the GRE tunnel. For specific scenarios and configuration cases, click Configuring a Static Route-based GRE Tunnel.

Possible cause for a failure to establish the L2TP over IPSec tunnel between the AR and PC running Windows 7 or Windows XP
The system registry may be not modified. Use Windows 7 as an example. Modify the Windows registry and do not use the digital certificate. The method is as follows: 1. Choose Start > Run and enter regedit to open the registry. 2. Access HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan\Parameters , and right-click the blank area on the right and choose New > DWORD (32-bit) to generate a new file named New Value #1. 3. Select New Value #1, right-click Rename to rename the file name ProhibitIpSec. 4. Select the ProhibitIpSec file, and right-click file and select Modify. 5. Set Numerical Data to 1 and set Cadinality to 16 hexadecimal in the displayed Edit DWORD�?2-bit�?value dialog box. 6. Restart the PC to make the configuration take effect.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top